Last September, the Department of Homeland Security informed 21 states that the Russian government had targeted their voter registration system before the 2016 election, and on Wednesday, the DHS's head of cybersecurity, Jeanette Manfra, told NBC News that of the 21 states, "an exceptionally small number of them were actually successfully penetrated." She did not name any of the states, since the report is classified, but she said she has "no doubt" it was the Russian government, not just Russians, behind the cyberattack.
EXCLUSIVE: DHS cybersecurity head has "no doubt" that Russians penetrated voter registration systems.
Watch @CynthiaMcFadden's report tonight on @NBCNightlyNews. https://t.co/P0uUlNmVzk pic.twitter.com/eBPGTDXHZY
— NBC Nightly News with Lester Holt (@NBCNightlyNews) February 7, 2018
The Homeland Security Department was charged with protecting America's electoral system in January 2017, when outgoing DHS Secretary Jeh Johnson designated it federally protected "critical infrastructure," like the electrical grid. NBC News reached out to the 21 targeted states, and five of them said they hadn't been attacked. Manfra said she stands by the list as a "snapshot in time with the visibility that the department had at that time." She also disagreed with Johnson's assessment that states aren't adequately preparing for the 2018 and 2020 elections. "I would say they have all taken it seriously," she said.
Some states told NBC News that the federal government had not told them about specific threats, citing classification issues — Manfra said state officials will get clearance soon — while other states did not want the feds involved in their voting system. Johnson told NBC News that such concerns are "naive" and "irresponsible to the people that [states are] supposed to serve."
There is no evidence that Russia tampered with any voting rolls in the 2016 election, federal officials say. But in a new NBC News/SurveyMonkey poll, 79 percent of respondents said they were at least somewhat concerned that the U.S. electoral system is vulnerable to hacking. Peter Weber
Late Wednesday, the Securities and Exchange Commission said that it discovered last month that a 2016 hack of its computer filing system for publicly traded companies "may have provided the basis for illicit gain through trading." The "software vulnerability in the test filing component of the commission's EDGAR system" has been patched, and while the "intrusion" was discovered last year, the SEC said, it only learned about the possible use of pilfered information to trade stocks for illegal profit after SEC Chairman Jay Clayton ordered a cybersecurity review in May 2017.
The SEC statement did not say why the agency didn't disclose the breach last year, when the system was hacked, or whether specific companies were targeted. The SEC is the federal government's main Wall Street regulator. "Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic," Clayton said. "We must be vigilant. We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery." Peter Weber
The 2016 election saw America's voter rolls swell to more than 200 million registered voters for the first time ever, and about 198 million of those people had their voter data exposed by a Republican National Committee contractor called Deep Root Analytics.
The breach was discovered by Chris Vickery, a digital security researcher, who reported the exposure to DRA so the data could be secured. The 25 terabytes of information were stored on an Amazon cloud account that could be accessed (and in some cases downloaded) without a login. The data set included voters' "names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as [algorithm-predicted] voter ethnicities and religions."
"We take full responsibility for this situation," DRA said in a statement.
This is not the first time Vickery has found a massive potential leak of voter data. In 2015, he discovered 191 million exposed voter records held by another contractor, Nation Builder, which also works with GOP candidates. Bonnie Kristian